1. Persona / BrowserID
Proving your identity without giving up your privacy.
Jean-Yves Perrier (Mozilla) / May 12th, 2012
@teoli2003
MDN Hack Day — London
9. For the user:
Secure
Simple to use
Single sign-on: one password
Respects privacy
Independent of the browser
Independent of the device
Feels like a real identity
10. Hashing
MD5 — SHA1 — SHA128?
Salting
Ensuring strong password usage
Procedures
- initial authentication
- password lost
- disaster recovery
- keeping up with the algo
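An added example (not from the original slides) of what "Salting" and "keeping up with the algo" mean for a site that stores passwords itself: each record carries its own salt and parameters, and outdated records are re-hashed on the next successful login. PBKDF2-HMAC-SHA256, the record format, the iteration count and all function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

# Assumed policy values for this sketch; tune them to your own hardware.
CURRENT_ALGO = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return 'algo$iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = _derive(password, salt, iterations)
    return f"{CURRENT_ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> tuple[bool, bool]:
    """Return (ok, needs_rehash); malformed or unknown records never verify."""
    try:
        algo, iters_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iters_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False, False
    if algo != CURRENT_ALGO or iterations <= 0:
        return False, False
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(_derive(password, salt, iterations), expected)
    return ok, ok and iterations < CURRENT_ITERATIONS


def login(store: dict, user: str, password: str) -> bool:
    """Check a login against `store` and upgrade outdated records in place."""
    record = store.get(user)
    if record is None:
        return False
    ok, needs_rehash = verify_password(password, record)
    if ok and needs_rehash:
        # The plaintext is only available at login, so this is the upgrade point.
        store[user] = hash_password(password)
    return ok
```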
11. For the site:
Secure
Simple to use
Respects privacy (no 3rd party takes over the customer relationship)
Independent of the browser
Independent of the device
Feels like a real identity
Less maintenance burden
12. Introducing Persona and BrowserID
BrowserID: the protocol
Persona: its incarnation in the Mozilla products
13. The BrowserID protocol
Provides authentication
Secure
Doesn't leak any more information
14. Identity = e-mail address
It is a fully distributed system with billions of accounts across countless host providers
Users understand what an email address is and what it represents
It naturally allows for the use of pseudonyms
It relies on the distributed Domain Name System (DNS) for name lookup
15. The actors
Relying Party
a site or service that depends on a federated identity provider
Identity Provider
a site or service that provides identity assertions for 3rd party consumption
User